ASM detected possible Detection Evasion and HTTP Command injection in traffic

Question

detected possible Detection Evasion and HTTP Command injection in traffic sourcing from hosts destined for F5 VIPs via port http 80. no indication of activity being blocked/denied. &nbsp;
Is this a Application Security, hotfix issue or http security profile configuration?&nbsp;

chris_grant · Answer

Those are part of your ASM security policy.  Whether or not it was blocked would be based on your settings.  You can read more about attack signatures and evasion settings here:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/26.html&nbsp;
or here:&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/f5-asm-operations-guide.pdf&nbsp;
Basically ASM is reporting that someone tried to attack your web infrastructure and tried to do it in such a way that they would slip past a web application firewall.  Normally this is done by encoding a string multiple times.&nbsp;

Forum Discussion

ASM detected possible Detection Evasion and HTTP Command injection in traffic

Recent Discussions

How to export a list of paired external service providers from APM?

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Statistics ›› Analytics : HTTP : Overview

Related Content

F5 Distributed Cloud JA4 detection for enhanced performance and detection

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

Operationlizing Online Fraud Detection, Prevention, and Response

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS